Cybersecurity researchers have identified a new attack called LLMjacking, which involves using stolen cloud credentials to target cloud-hosted large language model (LLM) services. The attackers aim to sell access to other threat actors. The attack involves breaching systems running vulnerable versions of the Laravel Framework and obtaining Amazon Web Services (AWS) credentials to access LLM services. An open-source Python script called keychecker is used to validate keys for various services. Attackers are observed using a reverse proxy server to provide access to compromised accounts without exposing credentials. This attack allows threat actors to monetize their access to LLMs while the cloud account owner unknowingly incurs costs. The attack could result in over $46,000 in LLM consumption costs per day for the victim. Organizations are advised to enable detailed logging, monitor cloud logs for suspicious activity, and implement effective vulnerability management processes to prevent initial access.
Source link
Source link: https://thehackernews.com/2024/05/researchers-uncover-llmjacking-scheme.html
Cloud-hosted AI models targeted by ‘LLMjacking’ scheme uncovered. #Cybersecurity
